On Wed, 3 Nov 2004, Bruce Momjian wrote: > Tom Lane wrote: > > Bruce Momjian <[EMAIL PROTECTED]> writes: > > >> I think Tom's fix adequately addresses the security concerns. Exactly > > >> what is wrong with writing to the current working directory? > > > > > Because it could be run from a directory where others have write > > > permission. > > > > In which case, they could also change the findoidjoins script itself. > > I think your fix is *less* secure than what you replaced. > > > > However, I've already wasted more than enough time on this issue... > > I'm done arguing about it. > > As far as I know, my method is the only secure method. If I am wrong I > would like to know.
I think the problem can really be solved by just removing it from the distribution. However, one thing I noticed with Bruce's script is that it does not respect $TMPDIR -- which security conscious admins may be setting. Solution would be to set TMP=${TMPDIR:-/tmp} before defining the path to the temporary sub directory. Thanks, Gavin ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster